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Amendment to the Claims : 

This listing of claims replaces all prior versions, and 
listings, of claims in the application: 

1. (currently amended) A method comprising providing a 
capability to perform operations on a computer system, the 
operations comprising: 

searching an entry associated with a network component in 
an aggregated data set to identify one or more pointers to a 
deployment policy tree and a pointer to a configuration tree; 

based on the identified one or more pointers to the 
deployment policy tree, searching the deployment policy tree to 
identify one or more policies directly associated with the 
network component and to identify one or more policies directly 
associated with the group; 

baaed on the identified pointer to the network 
configuration tree f searching the configuration tree to identify 
a parent node corresponding to a group to which the network 
component belongs to generate 

identifying one or more policico aooooiatod with a network 
component ; 

generating a list of one or more groups to which the 

network component belongs ; and 

identifying one or more policies associated with oaoh of 

the groupa in the generated list . 

2 

PAGE 4/17* RCVD AT 7/2012005 7:08:36 PM [Eastern Daylight Time] 1 SVR:USPTO£FXRF-6/26 * DNiS:2738300 ' CSID:1 858 678 5099 ' DURATION (mm-ss):0540 



07/20/2005 16:07 FAX 1 858 678 5083 FISH AND RICHARDSON 



@ 005/017 



Attorney's Docket No. : 10559/503001/P11795 

2. (original) The method of claim 1 in which the network 
component comprises one or more of the following: a network 
device, a device group, a device subgroup, a user, a group of 
users, an application, a group of applications, an end-host, a 
group of end-hosts, and one or more time conditions. 

3. (original) The method of claim 2 in which at least one 
of the identified policies associated with the network component 
is currently deployed. 

4. (original) The method of claim 2 in which at least one 
of the identified policies associated with the network component 
is currently undeployed. 

5-6. (canceled) 

7. (currently amended) The method of claim 1 & further 
comprising recursively searching the aggregated data set and the 
configuration tree until a non-group node is encountered in the 
configuration tree. 

B. (original) The method of claim 7 in which the recursive 
searching generates a group chain list. 

9. (canceled) . 
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10- (currently amended) The method of claim 1 in which one 
or more of the operations is performed at least in part using 
the a« aggregated data aet - 

11- 12. (canceled) . 

13, (currently amended) The method of claim 1^ -3^9- in which 
the aggregated data set comprises a plurality of entries, each 
entry corresponding to a network component and including a 
network component identifier, one or more pointers to a 
deployment policy tree, and a pointer to a network configuration 
tree. 

14. (original) The method of claim 1 in which providing a 
capability to perform operations on a computer system comprises 
providing at a network management policy decision point a policy 
based network management software application capable of 
performing the operations. 

15- (currently amended) An article comprising: 

a storage medium having a plurality of machine readable 

instructions, wherein execution of the instructions causes a 

machine to perform operations comprising: 
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search an entry associated with a network component in an 
aggregated data set to identify one or more pointers to a 
deployment policy tree and a pointer to a configuration tree; 

baaed on the identified. one, or more pointers to the 
deployment policy tree, search the deployment policy tree to 
identify one or more policies directly associated with the 
network component and to identify one or more policies directly 
associated with the group; and 

based on the identified pointer to the network 
configuration tree, search the configuration tree to identify a 
parent node corresponding to a group to which the network 
component belongs to identify one or more policico associated 
with a network component; generate a list of one or more groups 
to which the network component belongs ; and 

identify one or more policies associated with each of 
the groupo in the gon&ratcd liot -, 

16. (original) The article of claim 15 in which the network 
component comprises one or more of the following; a network 
device, a device group, a device subgroup, a user, a group of 
users, an application, a group of applications, an end-host, a 
group of end-hosts, and one or more time conditions. 

17-18. (canceled) . 
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19. (currently amended) The article of claim 15 i& further 
comprising instructions to recursively search the aggregated 
data set and the configuration tree until a non-group node is 
encountered in the configuration tree. 

20. (original) The article of claim 19 in which the 
recursive searching generates a group chain list. 

21 . (canceled) . 

22. (currently amended) The article of claim 15 in which 
one or more of the operations is performed at least in part 
using the a« aggregated data set. 

23. (currently amended) The article of claim 15 5* in which 
the aggregated data set comprises a hash table or a red-black 
tree. 

24. (currently amended) The article cf claim 15 ^ in which 
the aggregated data set comprises a plurality of entries, each 
entry corresponding to a network component and including a 
network component identifier, one or more pointers to a 
deployment policy tree, and a pointer to a network configuration 
tree . 
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25. (original) A policy based network management (PBNM) 
system comprising: 

a network configuration tree configured to store a tree 
representation of a network configuration, the tree 
representation being formed of a plurality of nodes, each node 
corresponding to a network component; 

a deployed policy tree configured to store a tree 
representation of policies associated with network components,- 

an aggregated data set configured to store a plurality of 
data elements including one or more identity elements, one or 
more pointers to the deployed policy tree, and one or more 
pointers to the network configuration tree, each identity 
element identifying a network component and having an associated 
network configuration tree pointer and one or more associated 
deployed policy tree pointers; and 

one or more software components configured to identify one 
or more policies associated with a network component; generate a 
list of one or more groups to which the network component 
belongs; and identify one or more policies associated with each 
of the groups in the generated list . 

26. (original) The system of claim 25 in which the network 
component comprises one or more of the following: a network 
device, a device group, a device subgroup, a user, a group of 
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users, an application, a group of applications, an end- host, a 
group of end-hoBte, and one or more time conditions. 

27. (original) The system of claim 25 in which the one or 
more software components configured to identify one or more 
policies associated with the network component are configured to 
perform the following: 

search an entry associated with the network component in 
the aggregated data set to identify the network component's one 
or more associated deployed policy tree pointers; and 

based on the identified one or more deployed policy tree 
pointers, search the deployment policy tree to identify one or 
more policies directly associated with the network component. 

28. (original) The system of claim 25 in which the one or 
more software components configured to generate the list of one 
or more groups to which the network component belongs are 
configured to perform the following: 

search an entry associated with the network component in 
the aggregated data set to identify the network component's 
associated network configuration tree pointer; and 

based on the identified network configuration tree pointer, 
search the network configuration tree to identify a parent node 
corresponding to a group to which the network component belongs. 
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29. (original) The system of claim 28 in which the one or 
more software components recursively search the aggregated data 
set and the network configuration tree until a non-group node is 
encountered in the configuration tree, 

30, (original) The system of claim 25 in which the one or 
more software components configured to identify one or more 
policies associated with each of the groups in the generated 
list are configured to perform the following for each group in 
the list: 

search an entry associated with the group in the aggregated 
data set to identify the group's one or more associated deployed 
policy tree pointers; and 

based on the identified one or more deployed policy tree 
pointers, search the deployed policy tree to identify one or 
more policies directly associated with the group. 

31-32 . (canceled) . 

33. (currently amended) A method comprising providing a 
capability to perform operations on a computer system, the 
operat ions compris ing : 

receiving a request to identify one or more policies 
associated with a specified subject; 

identifying one or more policies directly associated with 
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the specified subject by; 

searching an entry associated with the specified 
subject in an aggregated data set to identify one or more first 
pointers to a deployment policy tree; and 

based on the identified one or more first deployment 
policy tree pointers, searching the deployment policy tree to 
identify one or more policies directly associated with the 
specified subject ; 

generating a list of one or more groups to which the 
specified subject belongs by: 

searching an entry associated with the specified 
subject in the aggregated data set to identify a pointer to a 
configuration tree; and 

based on the identified configuration treejointer, 
searching the configuration tree to identify a parent node 
corresponding to a group to which the specified subject belongs ; 
and 

identifying one or more policies associated with each of 
the groups in the generated list by: 

searching an entry associated with the group in the 
aggregated data set to identify one or more second pointers to a 
deployment policy tree; and 

based on the identified one or more second deployment 
policy tree pointers, searching the deployment policy tree to 
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identify one or more policies directly associated with the 
group . 

34. (original) The method of claim 33 in which the 
specified subject comprises one or more of the following: a 
network device, a device group, a device subgroup, a user, a 
group of users, an application, a group of applications, an end- 
host, a group of end-hosts, and one or more time conditions . 

35-36. (canceled) . 

37. (currently amended) The method of claim 33. further 
comprising recursively searching the aggregated data set and the 
configuration tree until a non-group node is encountered in the 
configuration tree. 

38. (canceled) . 

39. (original) The method of claim 33 in which providing a 
capability to perform operations on a computer system comprises 
providing at a network management policy decision point a policy 
based network management software application capable of 
performing the operations . 
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